shiro入门学习--授权(Authorization)|筑基初期 (2)

输出

// Page text before this listing (output of the previous example): xiangbei 认证通过! xiangbei 具有 admin 角色
// Section: hasRoles
/**
 * Access-control test for the "any one of these roles is enough" case.
 *
 * @author 赖柄沣 bingfengdev@aliyun.com
 * @version 1.0
 * @date 2020/10/5 16:48
 */
public class AuthzTest {

    private CurrentSystemAuthenticator authenticator;

    /**
     * Logs the subject in before each test.
     *
     * Authorization is only evaluated for a subject that has already been
     * authenticated, so the role check below depends on this login succeeding.
     * The user name and password are tutorial fixtures hard-coded in the test.
     */
    @Before
    public void init() {
        this.authenticator = new CurrentSystemAuthenticator();
        this.authenticator.authenticate("xiangbei","123");
    }

    /**
     * Grants access as soon as the subject holds at least one of the listed roles.
     *
     * Nothing is printed when none of the role checks is true, so a silent run
     * means access was not granted.
     */
    @Test
    public void testHasRoles(){
        Subject currentSubject = SecurityUtils.getSubject();
        // One boolean per requested role, as returned by hasRoles.
        boolean[] roleChecks = currentSubject.hasRoles(Arrays.asList("admin", "user"));
        for (int i = 0; i < roleChecks.length; i++) {
            if (!roleChecks[i]) {
                continue;
            }
            // First matching role is sufficient; stop checking.
            System.out.println(currentSubject.getPrincipal()+" 具有访问权限");
            break;
        }
    }
}

输出

// Page text before this listing (output of the previous example): xiangbei 认证通过! xiangbei 具有访问权限
// Section: hasAllRoles
/**
 * Access-control test for the "every listed role is required" case.
 *
 * @author 赖柄沣 bingfengdev@aliyun.com
 * @version 1.0
 * @date 2020/10/5 16:48
 */
public class AuthzTest {

    private CurrentSystemAuthenticator authenticator;

    /**
     * Logs the subject in before each test.
     *
     * Authorization is only evaluated for a subject that has already been
     * authenticated, so the role check below depends on this login succeeding.
     * The user name and password are tutorial fixtures hard-coded in the test.
     */
    @Before
    public void init() {
        this.authenticator = new CurrentSystemAuthenticator();
        this.authenticator.authenticate("xiangbei","123");
    }

    /**
     * Grants access only when the subject holds all of the listed roles, and
     * prints the decision either way.
     */
    @Test
    public void testHasAllRoles(){
        Subject currentSubject = SecurityUtils.getSubject();
        boolean holdsEveryRole = currentSubject.hasAllRoles(Arrays.asList("admin", "user"));
        // Same two messages as before, selected by the single all-roles decision.
        System.out.println(currentSubject.getPrincipal()
                + (holdsEveryRole ? " 具有访问权限" : " 没有访问权限"));
    }
}

输出

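// Page text before this listing (output of the previous example): xiangbei 认证通过! xiangbei 没有访问权限
// Section: 基于资源的访问控制 (resource-based access control)
// Sub-section: 改造自定义Realm获取资源权限信息 (extend the custom Realm to return resource permissions)
/**
 * Custom Realm that supplies both authentication and authorization data.
 * The database lookups are simulated with hard-coded values for one account.
 *
 * @author 赖柄沣 bingfengdev@aliyun.com
 * @version 1.0
 * @date 2020/10/4 11:00
 */
public class MySqlRealm extends AuthorizingRealm {

    /**
     * Installs a hashed credentials matcher so that submitted passwords are
     * hashed before being compared with the stored value.
     */
    public MySqlRealm() {
        HashedCredentialsMatcher hashedMatcher = new HashedCredentialsMatcher();
        // NOTE(security): MD5 is a fast general-purpose digest and is not suitable
        // for password storage, even salted and iterated 1024 times. It is left
        // unchanged here because the stored demo credential below is 32 hex
        // characters, consistent with an MD5 digest; switching the algorithm
        // without re-hashing that value would break the login. For real accounts
        // use a dedicated password-hashing scheme (bcrypt/scrypt/argon2, e.g. via
        // Shiro's PasswordMatcher) and re-hash the stored credentials.
        hashedMatcher.setHashAlgorithmName("md5");
        // Number of hash iterations; must match how the stored value was produced.
        hashedMatcher.setHashIterations(1024);
        this.setCredentialsMatcher(hashedMatcher);
    }

    /**
     * Authorization callback: returns the permissions held by the principal.
     *
     * The original author notes that this method is invoked on every permission
     * or role check, so the result should be cached; caching is deferred to the
     * later Spring Boot integration part of the tutorial.
     *
     * @author 赖柄沣 bingfengdev@aliyun.com
     * @date 2020-10-04 11:01:50
     * @param principalCollection principals of the already authenticated subject
     * @return the permissions for the known demo account, or {@code null} for any
     *         other principal (presumably treated by Shiro as "no roles and no
     *         permissions", i.e. deny; confirm against the Shiro version in use)
     * @version 1.0
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // 1. Primary principal of the subject, i.e. the user name.
        String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal();

        // 2. Look up the permissions for that user (simulated database query).
        SimpleAuthorizationInfo authorizationInfo = null;
        if ("xiangbei".equals(primaryPrincipal)) {
            authorizationInfo = new SimpleAuthorizationInfo();
            // Role assignment deliberately disabled for the resource-based example:
            //authorizationInfo.addRole("admin");
            // Wildcard: every action on the "user" resource. Wildcards widen access
            // silently as new actions are added, so grant them sparingly.
            authorizationInfo.addStringPermission("user:*");
            // Only the "create" action on the "product" resource.
            authorizationInfo.addStringPermission("product:create");
        }
        return authorizationInfo;
    }

    /**
     * Authentication callback: returns the stored account data for the user name
     * carried by the token, so the credentials matcher can verify the password.
     *
     * @author 赖柄沣 bingfengdev@aliyun.com
     * @date 2020-10-04 11:01:50
     * @param authenticationToken token submitted at login
     * @return the stored account data for the known demo account, or {@code null}
     *         when the user name is not known
     * @throws AuthenticationException declared by the overridden method; not thrown
     *         by this simulated implementation
     * @version 1.0
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 1. User name from the token.
        String principal = (String) authenticationToken.getPrincipal();

        // 2. Look up the account (simulated database query).
        // Compare by value: the original used ==, which compares references and
        // only matches when the caller happens to pass the same interned literal.
        // A user name built at runtime (e.g. read from a request) would not match.
        if ("xiangbei".equals(principal)) {
            // Arguments: stored account name, stored password hash, salt, realm name.
            // Hash and salt are hard-coded demo values; in a real realm both come
            // from the user store, with a distinct random salt per account.
            return new SimpleAuthenticationInfo(
                    "xiangbei",
                    "ff595c47b51b4cf70fddce090f68879e",
                    ByteSource.Util.bytes("ee575f62-0dda-44f2-b75e-4efef795018f"),
                    this.getName());
        }
        return null;
    }
}
// Next section on the page: 进行测试 (run the test)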

在上面的设定中,用户 xiangbei 具有用户资源的所有权限(user:*),对产品资源只具有创建权限(product:create)。

isPermitted(String permission)
